Nearly five years after the high-profile Ashley Madison data breach, hundreds of affected website users were targeted in a new extortion attack over the last week.
The 2015 breach of the adultery website caused 32 million accounts to be publicly dumped online, including victims’ names, passwords, phone numbers, credit card information and more. Up to a year after the hack, Kaspersky researchers said affected users were still suffering from a variety of attacks, from credit card scams to spam emails.
Now, cybercriminals are once again exploiting the treasure trove of breached Ashley Madison data in a new, highly targeted attack. According to Vade Secure researchers, extortionists are sending personalized emails to affected Ashley Madison users.
“In the last week, Vade Secure has detected several hundred examples of this extortion scam, targeting users primarily in the US, Australia, and India,” Vade Secure’s Ed Hadley said in a Friday post. “Seeing more than 32 million accounts go public as a result of the Ashley Madison data breach, we expect to see many more in the weeks to come. Furthermore, like sextortion, the threat itself is likely to evolve in response to email security vendor settings.”
Victims are receiving emails threatening to expose their Ashley Madison accounts, along with other embarrassing data, to family and friends on social media and via email unless they pay a bitcoin ransom (which, in the sample email below, amounted to around 0.1188 bitcoin, or $1,059).
Researchers said these emails are highly personalized with information from the Ashley Madison breach, including affected users’ names, bank account numbers, phone numbers, addresses and birthdays, as well as information from the Ashley Madison website, such as registration dates and answers to security questions.
In addition to the embarrassment associated with being a user of an adultery website, the researchers said cybercriminals also take advantage of prior embarrassing purchases allegedly made by victims. One of the emails (above) even references previous purchases of “male assist products” and says “Do the partners you meet at amadison know you’ve been using ‘chemical assist’ to have a good time?”
The body of the emails references a password-protected PDF attachment, which “says what you need to do to stop this”. This PDF includes additional information from the Ashley Madison data breach, including when the recipient signed up for the site, their username, and even the interests they verified on the site when looking for an affair. It also contains the ransom demand.
“What’s interesting about this extortion scam is that the financial demand is not made in the body of the email itself, but in a password-protected PDF attachment,” the researchers said. “Because it recognizes email itself, this is done to avoid detection by email filters, many of which cannot scan the content of files and attachments.”
The PDF file also includes a QR code, for victims who are using a compatible mobile payment app to scan and make the payment.
While the PDF tells victims that the QR code is an option “if you don’t want to type the address,” the researchers say that the QR code is a common phishing technique used to avoid detection by URL scanning or sandboxing technologies. That’s because many email filters don’t have detection tools for QR code technology, they said.
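A mail gateway that cannot read a password-protected PDF can still notice that it is one. The following is an added example, not code from Vade Secure or the original article: a Python triage heuristic that flags a message carrying an encrypted PDF whose body also mentions a password. The function names, the sample message and the minimal PDF bytes are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# A PDF is encrypted when its trailer carries an /Encrypt entry
# (indirect reference such as "9 0 R", or an inline dictionary "<<").
ENCRYPT_RE = re.compile(rb"/Encrypt\s*(?:\d+\s+\d+\s+R|<<)")
PASSWORD_RE = re.compile(r"\bpass(?:word|code)\b", re.IGNORECASE)

def is_encrypted_pdf(data: bytes) -> bool:
    """True if data looks like a PDF whose content a filter cannot read."""
    return data.lstrip()[:5] == b"%PDF-" and bool(ENCRYPT_RE.search(data))

def triage(raw: bytes) -> dict:
    """List encrypted PDF attachments and check whether the body mentions a password."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    mentions_password = bool(PASSWORD_RE.search(text))
    opaque = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if is_encrypted_pdf(part.get_payload(decode=True) or b"")
    ]
    return {
        "encrypted_pdfs": opaque,
        "body_mentions_password": mentions_password,
        # Assumed policy: hold for review when both signals are present.
        "quarantine": bool(opaque) and mentions_password,
    }

def build_sample(pdf: bytes) -> bytes:
    """Constructed test message: neutral body text plus one PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("See the attached document. The password is in this email.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="notice.pdf")
    return msg.as_bytes()

# Constructed minimal PDF skeletons (not valid documents; only the markers matter).
ENCRYPTED_PDF = b"%PDF-1.6\n1 0 obj<<>>endobj\ntrailer<</Root 1 0 R/Encrypt 9 0 R>>\n%%EOF"
PLAIN_PDF = b"%PDF-1.6\n1 0 obj<<>>endobj\ntrailer<</Root 1 0 R>>\n%%EOF"

if __name__ == "__main__":
    print(triage(build_sample(ENCRYPTED_PDF)))
    print(triage(build_sample(PLAIN_PDF)))
```

The byte-pattern check is a heuristic: it does not parse the PDF, so it can match `/Encrypt` appearing in unencrypted content, and it should feed a review queue rather than a hard block.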
“Finally, like other phishing and scam emails, this attack creates a sense of urgency by setting a deadline of six days (after the email was sent) to receive the bitcoin payment in order to prevent the recipient’s Ashley Madison account data from being publicly shared,” the researchers said.
Sextortion scams are an easy way for cybercriminals to make money from ransom payments, and they are getting better at evading detection, using new distribution techniques, and changing their “scare” tactics. However, researchers say this attack points to cybercriminals using real data from previous breaches in extortion scams, a trend they believe will proliferate in 2020.
“This Ashley Madison extortion scam is a good example that a data breach is never over,” Hadley said. “In addition to being sold on the dark web, leaked data is almost always used to launch additional email-based attacks, including phishing and scams like this one. With over 5,183 data breaches reported in the first nine months of 2019, exposing 7.9 billion records, we expect to see much more of this technique in 2020.”